SOC Analyst L3

Protecting the data of millions of Yandex users is an important task, and one of its aspects is controlling internal information security risks. For this purpose, a special team has been created within our SOC. We are looking for a third-line SOC engineer who will help identify and neutralize internal threats, ensuring the highest level of trust in our services.

What tasks await you

Threat analysis and monitoring You will deeply analyze service administration interfaces, develop potential threat scenarios (including modeling the actions of a hypothetical "internal intruder") and create monitoring rules, as well as analyze their triggers.

Audit You will assess the correctness of log collection and structuring by services, as well as check the effectiveness of data leakage protection mechanisms.

Incident investigation You will participate in the investigation of security incidents by analyzing patterns of user behavior.

More about security at Yandex — in the channel Yandex for Security

We expect that you

• Confidently work with large volumes of statistical data (have no difficulty processing large files)
• Understand the principles of web server operation (including nginx) and can analyze web logs (including access_log) in the context of security tasks
• Write in scripting languages (Bash, Python)
• Know regular expressions
• Want to grow and work in a team
• Are capable of acting independently

Will be a plus

• Possess basic digital forensics skills
• Have worked with databases (any SQL-like syntax)
• Have had experience working at L2 in a SOC